
2

This question is too broad for an answer here. There's just too much to cover. I've voted to close it. Please have a look around here and you'll find that your questions have been answered many times here.
– Adnan - Adi, Jun 9 '13 at 12:09

1 Answer
1

1) Assuming that the server is also malware free, and that you aren't subject to a Man in the Middle (MitM) attack, only the client and the server can monitor the connection. It's easy to see how the session can be monitored if the client or server is compromised. MitM is the real attack vector against this.

With MitM, the attacker presents the client with a certificate that purports to be the server's. The attacker effectively proxies the client's requests. This does require either that the client accept a certificate warning, that the attacker has attacked a certificate authority and fraudulently issued a legitimate SSL cert to himself or herself, or that the attacker has control over DNS from the client to bypass the security checks a browser does on an SSL certificate.

2) If one monitors the handshake, and knows (or can cryptographically attack) the private key used to establish the session key for the connection, one can decrypt the SSL session. Wireshark, for example, is able to do this out of the box.

3) Successfully attacking the CA is going to get you a valid certificate for a domain of your choice. Comodo was attacked a year or so ago, and issued some bad certs for Google. This is not required to successfully attack a connection, though.

As mentioned, one can man in the middle. There have been protocol vulnerabilities in SSL1 and SSL2 that allow cryptographic attacks. The current iteration of TLS is good, as far as we know, but it is an area of crypto research. Additionally, the SSL handshake negotiates the algorithm used for encryption. Multiple weak encryption algorithms are enabled by default (there's actually a null cipher suite that does no encryption!), and if used can compromise the confidentiality of your connection.

1) Is ISP logging (as commanded by several laws) considered a MitM attack (from a results perspective)? For example, in the EU, ISPs are obligated to keep logs of internet activity, i.e. URLs visited, for two years. Can they actually see what I am searching in Google, as soon as it is a secured connection?
– py_script, Jun 9 '13 at 14:44

1

To directly answer, no. They'll know you're talking to Google, but not what you're talking about (unless you click through on Google to an insecure site and your referrer field leaks info). However, if your browsing information is being collected under warrant, all bets are off.
– Brandon Franklin, Jun 9 '13 at 14:49
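The answer's points about certificate checks, private-key decryption of a recorded handshake, and weak or null cipher suites can be checked on the client side. The following is an added example, not part of the original thread: it builds a Python `ssl` client context that refuses those cases and audits any cipher list for them. The function names, finding strings and the `SAMPLE` entries are constructed for illustration, and the forward-secrecy check goes one step beyond the text as the mitigation for point 2.

```python
import ssl

NO_ENCRYPTION = "no encryption (null cipher)"
WEAK = "weak or broken cipher"
ANONYMOUS = "anonymous key exchange: server is not authenticated"
NO_PFS = "no forward secrecy: recorded traffic decrypts with the server key"

def audit_cipher(entry):
    """Findings for one entry shaped like ssl.SSLContext.get_ciphers() output."""
    name = entry["name"].upper()
    bits = entry["strength_bits"]
    findings = []
    if bits == 0 or "NULL" in name:
        findings.append(NO_ENCRYPTION)
    elif bits < 128 or any(alg in name for alg in ("RC4", "DES", "EXP")):
        findings.append(WEAK)
    if name.startswith(("ADH-", "AECDH-")):
        findings.append(ANONYMOUS)
    # Ephemeral (EC)DH keeps the session key out of reach of the long-term key;
    # every TLS 1.3 suite uses an ephemeral exchange.
    ephemeral = name.startswith(("ECDHE-", "DHE-", "ADH-", "AECDH-"))
    if entry.get("protocol") != "TLSv1.3" and not ephemeral:
        findings.append(NO_PFS)
    return findings

def audit_context(ctx):
    """Map each flagged suite enabled on ctx to its findings."""
    report = {}
    for entry in ctx.get_ciphers():
        findings = audit_cipher(entry)
        if findings:
            report[entry["name"]] = findings
    return report

def hardened_client_context():
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL")
    return ctx

# Constructed sample entries (not captured from a real server).
SAMPLE = [
    {"name": "NULL-SHA", "protocol": "SSLv3", "strength_bits": 0},
    {"name": "AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "ADH-AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "strength_bits": 128},
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry["name"], "->", audit_cipher(entry) or "ok")
    print("hardened context findings:", audit_context(hardened_client_context()))
```

Running `audit_context` on a context your application already uses shows which of its enabled suites would fall into the categories the answer warns about.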